All advisories

Build cache credentials are reflected in administration screens

CVE-2019-11403

Affected product(s)

  • Gradle Enterprise < 2018.5.2
  • Gradle Enterprise Build Cache Node < 5.2

Severity

High

Description

The cache node administration page available via Gradle Enterprise, and individual Build Cache Node servers, reflects the credentials used by users to access the cache via the HTTP interface.

Mitigation

Upgrade to Gradle Enterprise 2020.5.2 and/or Build Cache Node 5.2.